A bit strange that neither of the three groups associated with KVM, ‘kvm’, ‘qemu’ and ‘libvirt’, seem to be more than empty pre-defined groups; to me, at least, it seems more or less so. I am unable to make any progress towards running KVM as user whether I belong to any or all of these groups. It isn’t recommended to run virtualisation as root/superuser is it?
How do you guys run KVM?
Thanks,
Olav
i could run virtualbox by adding vboxusers group to my <user>
i can run gnome-boxes too.
Hi
Nothing special, qemu-kvm… I have a script;
#!/bin/sh
MACADDRESS=`easymac.sh -g -m`
qemu-kvm -soundhw hda -net nic,macaddr=$MACADDRESS -net user -cdrom \
${@:-out/target/product/openSUSE/openSUSE.iso}
Using what command? What do you get back or what are the symptoms of it
not working? If you added your user to groups did you logout/login to
apply changes? Which version of openSUSE? Current on patches?
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
From vazhavandan:
i could run virtualbox by adding vboxusers group to my <user>
i can run gnome-boxes too.
Virtualbox (+ virtualbox-qt) works for me as well if I add myself to the Virtualbox group. So basically I try to run KVM/QEMU as I run Virtualbox.
From ab:
Using what command? What do you get back or what are the symptoms of it
not working? If you added your user to groups did you logout/login to
apply changes? Which version of openSUSE? Current on patches?
I try to connect to KVM/QEMU from the ‘Virtual Machine Manager’ (GUI) but get prompted for root password with ‘System policy prevents management of local virtualized system’:
Details:
Unable to connect to libvirt.
authentication failed: polkit: polkit\56retains_authorization_after_challenge=true
Not authorized.
Libvirt URI is: qemu:///system
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/connection.py", line 1027, in _open_thread
self.vmm = self._try_open()
File "/usr/share/virt-manager/virtManager/connection.py", line 1009, in _try_open
flags)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 102, in openAuth
if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: authentication failed: polkit: polkit\56retains_authorization_after_challenge=true
Not authorized.
I have rebooted every time I have changed the user/group setting.
This computer runs on openSUSE 12.3 KDE, with the official repoes (-oss, update …), but no additional ones other than packman and NVIDIA + some games from openSUSE:games.
Thanks,
Olav
On Wed 16 Oct 2013 11:36:02 PM CDT, F Sauce wrote:
From vazhavandan:
> i could run virtualbox by adding vboxusers group to my <user>
> i can run gnome-boxes too.
Virtualbox (+ virtualbox-qt) works for me as well if I add myself to
the Virtualbox group. So basically I try to run KVM/QEMU as I run
Virtualbox.
From ab:
> Using what command? What do you get back or what are the symptoms of
> it not working? If you added your user to groups did you logout/login
> to apply changes? Which version of openSUSE? Current on patches?
I try to connect to KVM/QEMU from the ‘Virtual Machine Manager’ (GUI)
but get prompted for root password with ‘System policy prevents
management of local virtualized system’:
Details:
Code:
Unable to connect to libvirt.
authentication failed: polkit:
polkit\56retains_authorization_after_challenge=true Not authorized.Libvirt URI is: qemu:///system
Traceback (most recent call last):
File “/usr/share/virt-manager/virtManager/connection.py”, line 1027,
in _open_thread self.vmm = self._try_open()
File “/usr/share/virt-manager/virtManager/connection.py”, line 1009,
in _try_open flags)
File “/usr/lib64/python2.7/site-packages/libvirt.py”, line 102, in
openAuth if ret is None:raise libvirtError(‘virConnectOpenAuth()
failed’) libvirtError: authentication failed: polkit:
polkit\56retains_authorization_after_challenge=true Not authorized.
I have rebooted every time I have changed the user/group setting.
This computer runs on openSUSE 12.3 KDE, with no additional repo other
than packman and NVIDIA + some games from openSUSE:games.
Thanks,
Olav
Hi
I just installed virt-manager, enabled the daemon (as root user) and
then ran virt-manager as my user. Then I connected to the daemon which
required me to enter the root credentials. Then proceeded to do a
virt-install, it’s running qemu-kvm as user qemu, who has no login, so
all is good?
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
OK, I’m not quite sure I did follow you but thank you very much for testing it!
Wouldn’t passing the root password to connect to the daemon actually mean you do run the KVM environment as superuser? And I’m not quite sure I understood what you meant by the daemon in this context, the actual qemu/kvm?
Btw, do you belong to any of the groups (kvm, libvirt …)?
Olav
On Thu 17 Oct 2013 01:56:02 AM CDT, F Sauce wrote:
malcolmlewis;2591680 Wrote:
> Hi
> I just installed virt-manager, enabled the daemon (as root user) and
> then ran virt-manager as my user. Then I connected to the daemon which
> required me to enter the root credentials. Then proceeded to do a
> virt-install, it’s running qemu-kvm as user qemu, who has no login, so
> all is good?
>
> –
> Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
> openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
> If you find this post helpful and are logged into the web interface,
> please show your appreciation and click on the star below… Thanks!
OK, I’m not quite sure I did follow you but thank you very much for
testing it!
Wouldn’t passing the root password to connect to the daemon actually
mean you do run the KVM environment as superuser? And I’m not quite sure
I understood what you meant by the daemon in this context, the actual
qemu/kvm?
Btw, do you belong to any of the groups (kvm, libvirt …)?
Olav
Hi
You need ‘libvirtd’ the backend daemon running as root user (no
different than virtualbox, vmware etc running their services as
root user) for virt-manager to create/connect to a virtual machine. Then
you connect or create a virtual machine and connect to it. This virtual
machine is run as user qemu (who doesn’t have a login, shell etc) so
not a security issue…
I’m not added to any other groups just users (100) group.
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
I can’t imagine any scenario where “running” virtualization, ie install, manage, modify, etc would <not> be a security issue running without special permissions.
Although I would be aghast at a “normal” User granted these permissions, if you have network security implemented (as opposed to local only security), then I would expected “better” management to support configuring a Group using Network Security to manage virtualization management.
Virtualization management requires and grants access to the disk file system (but may set up to be scoped) and other OS-level system resources which in the wrong hands can compromise the entire system so should <never> be granted automatic access by ordinary Local Users…
IMO,
TSU
OK, still a bit confused but that is normal:)
Both Virtualbox and KVM is running fine! I had already started learning and using KVM when I had to install Virtualbox as a part of a course I attend, so now I’ve got both running.
Which virtual machine do you guys prefer, any of these or a different one, XEN etc?
Thanks,
Olav
On Fri 18 Oct 2013 02:46:02 AM CDT, F Sauce wrote:
OK, still a bit confused but that is normal:)
Both Virtualbox and KVM is running fine! I had already started learning
and using KVM when I had to install Virtualbox as a part of a course I
attend, so now I’ve got both running.
Which virtual machine do you guys prefer, any of these or a different
one, XEN etc?
Thanks,
Olav
Hi
I prefer using qemu-kvm only because I can also use with building rpms
and running up the odd iso image. My preference is for vmware player.
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 12.3 (x86_64) GNOME 3.8.4 Kernel 3.7.10-1.16-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!